I self host pretty much everything, but one of the services I find makes more sense to not self host is an email server.

I’ve got a few domains I’d like to have emails for, and usually I’d go for Tutanota or protonmail. But in this instance I’m looking for something dirt cheap. These domains are for a hobby club so I’m much less concerned with privacy like I usually would be. Anybody got any recommendations?

So far namecheap seems like my best option for under $8/month. They would bundle with my domain registration and I’m assuming having both on the same service would make things pretty seamless to set up.

Not crazy concerned with privacy for these particular accounts. Namecheap or similar is reputable enough.

  • Brickfrog
    link
    fedilink
    English
    1
    edit-2
    7 months ago

    If you’re using Google Workspace, Google will give you the appropriate DMARC, DKIM and SPF records to add to your DNS. The NS themselves should resolve the records and provide the recipient server with the values you’ve entered, thereby ensuring delivery.

    Sure. But why would that matter when you’re dealing with hostile 3rd party email providers that intentionally want to blackhole all email domains at Namecheap? But yes, just to clarify I do configure DMARC/DKIM/SPF and that works great for most cases.

    I’m just describing what worked for me though in truth I don’t know exactly how these hostile email providers actually determine the domain is hosted at Namecheap. My hunch is that they are using a lookup & finding the nameserver for the domain & have already blacklisted Namecheap’s default free nameserver IP addresses. For whatever reason those same hostile email providers don’t seem to be blacklisting Namecheap’s paid nameserver but I think that sort of makes sense…

    The larger issue is that Namecheap is known for cheap domains that scammers/spammers tend to buy in bulk & then use to spam with. Those same scammers/spammers aren’t trying to spend extra money so they only ever use the default free Namecheap nameservers.

    • chiisanaA
      link
      English
      47 months ago

      No it does not make any sense. There are literally thousands of domain registrars out there; almost every single last one of them will offer free DNS service with registration. Also, more specifically speaking, DNS provider host provider look up is not even part of email delivery flow.

      The most well known spam registrar is GoDaddy as they spam ads everywhere, and everyone and their third cousin’s dogs know about them. NameCheap is a large registrar but isn’t that big of a fish comparatively speaking. But, regardless, blocking any registrars that size the way you’re describing would break way more businesses and hurt the recipient provider’s own reputation. This honestly starting to sound more and more like a smear campaign as opposed to anything grounded in actual technology.

      • Brickfrog
        link
        fedilink
        English
        2
        edit-2
        7 months ago

        But, regardless, blocking any registrars that size the way you’re describing would break way more businesses and hurt the recipient provider’s own reputation.

        Yeah I thought that too but when speaking with the email admin that was blocking Namecheap while figuring this out they had already decided it wasn’t worth trying to allow the 1% of valid emails vs the 99% spam emails they felt they received via Namecheap domains.

        This honestly starting to sound more and more like a smear campaign

        Smear against whom? I’m a Namecheap customer, just relaying my own experiences using them. Besides that quirk I like them fine as a registrar… I know it sounds dumb but I even renewed my domains there even after those email issues.

        It’s fine, you don’t need to believe me as I said it’s just my own experience using Namecheap domains for emails. But you could just google around, you’ll see plenty of people discussing Namecheap & looking for solutions to block them (or solutions to successfully send emails with hem)… it’s not something I randomly made up if that’s what you’re implying.

        e.g.

        https://community.spiceworks.com/t/blocking-emails-based-on-registrar/816565

        https://tacit.livejournal.com/608386.html

        https://shkspr.mobi/blog/2021/05/why-do-scammers-love-namecheap/

        https://www.reddit.com/r/NameCheap/comments/13t6fvm/namecheaps_private_email_is_blacklisted_by/

        https://www.reddit.com/r/NameCheap/comments/wlb6vp/namecheap_making_it_too_easy_to_register_domains/

        https://www.reddit.com/r/NameCheap/comments/tz4mkb/my_emails_are_always_going_in_the_spam_folder_of/

        https://www.reddit.com/r/NameCheap/comments/ye358x/i_am_getting_a_ton_of_spam_scams_from_namecheap/

        etc.

        • chiisanaA
          link
          English
          37 months ago

          The name servers themselves is not part of the equation. The commonality in all those linked are sending emails from Namecheap’s shared hosted email/website, not name servers. Sending email from shared hosted email/website is asking for trouble, doesn’t matter who you’re hosting with, because those IP range are always abused, especially with the larger providers, simply due to a larger exposure. The detection mechanism here is really simple and observable via raw mail headers by checking the Received: line. Filtering emails from this information here is a typical part of the anti-spam model. A typical implementation would be via DNSBL providers such as Spamhaus, Sorbs and alike. The solution is always to use trusted transaction email services to deliver email from the website instead.

          That, however, is a very different problem than the dedicated email services like Google Workspace Gmail, because you’d not be sending from your web server’s IP address, but rather via Google’s dedicated range. As such, the Recevied: line is much less likely to yield a match in DNSBLs. Validation for these are then done via the SPF/DKIM/DMARC records on your domain, checking if your configuration permits delivery from server at the Recevied: line (look for Received-SPF) and whether or not you have the appropriate signing (look for Authentication-Results: and bits about the various stages of DKIM and DMARC).